TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0

Secondary DNS server not populating entries #263

Closed exoup closed 3 years ago

exoup commented 3 years ago

Howdy! Recently discovered this piece of software and loving it. I am trying to set up a secondary zone server using the instructions put here

On my primary server (dns1.local), I have a primary zone: name (dns.local) and wrote an NS entry for my secondary (dns2.local) with a glue address for the secondary server. On the secondary (dns2.local), I created a secondary zone: name (dns.local), primary name server address pointing to the primary server address. It populates one entry giving the proper host name of the primary server, which all seems right to me so far.

The issue (I think) is that no other entries are populating in the list. Additionally, the secondary zone lists as expired and "Expiry: 01 Jan 0001 00:00:00".

Is there something I'm doing wrong? Can I just point clients to the secondary server now? Any other settings I need to update?

Thank you for any help you can provide.

ShreyasZare commented 3 years ago

Thanks for the compliments. From the expiry, it looks like the secondary server is unable to complete the zone transfer from primary server.

Do check the logs and see if there are any errors related to the zone in both your primary and secondary servers.

If possible do provide a screenshot of both primary and secondary zones.

exoup commented 3 years ago

Thank you for responding so quickly. Didn't occur to me to check the logs (late night, I guess.) On my primary server, I don't think I see any relevant log files. Secondary:

[2021-05-09 12:22:25 Local] Logging started.
[2021-05-09 12:22:25 Local] DNS Server config file was loaded: /etc/dns/config/dns.config
[2021-05-09 12:22:26 Local] DNS Server successfully loaded zone file: /etc/dns/config/zones/domain.local.zone
[2021-05-09 12:22:26 Local] DNS Server is loading allowed zone file: /etc/dns/config/allowed.config
[2021-05-09 12:22:26 Local] DNS Server is loading blocked zone file: /etc/dns/config/blocked.config
[2021-05-09 12:22:26 Local] [0.0.0.0:53] [UDP] DNS Server was bound successfully.
[2021-05-09 12:22:26 Local] [0.0.0.0:53] [TCP] DNS Server was bound successfully.
[2021-05-09 12:22:26 Local] [[::]:53] [UDP] DNS Server was bound successfully.
[2021-05-09 12:22:26 Local] [[::]:53] [TCP] DNS Server was bound successfully.
[2021-05-09 12:22:26 Local] DHCP Server successfully loaded scope: Default
[2021-05-09 12:22:26 Local] DHCP Server successfully loaded scope file: /etc/dns/config/scopes/Default.scope
[2021-05-09 12:22:26 Local] [0.0.0.0:5380] HTTP Web Service was started successfully.
[2021-05-09 12:22:26 Local] DNS Server (v6.2.3.0) was started successfully.
[2021-05-09 12:22:31 Local] DNS Server has started zone refresh for secondary zone: domain.local
[2021-05-09 12:22:33 Local] DNS Server received RCODE=NotAuthorized for 'domain.local' secondary zone transfer from: dns1.domain.local:53 (192.168.1.101:53)

Probably unrelated but I see log entries that occur after I login that read:

[2021-05-09 12:37:38 Local] [192.168.1.132:62219] DnsServerCore.DnsWebServiceException: Invalid username or password: admin
   at DnsServerCore.DnsWebService.LoginAsync(HttpListenerRequest request, JsonTextWriter jsonWriter) in Z:\Technitium\Projects\DnsServer\DnsServerCore\DnsWebService.cs:line 967
   at DnsServerCore.DnsWebService.ProcessRequestAsync(HttpListenerRequest request, HttpListenerResponse response) in Z:\Technitium\Projects\DnsServer\DnsServerCore\DnsWebService.cs:line 726
[2021-05-09 12:37:40 Local] [192.168.1.132:62219] [admin] User logged in.

I uploaded screenshots of the zones (at least the relevant bits; I did not include unneeded A records): https://imgur.com/a/SlEVnGp

ShreyasZare commented 3 years ago

Thanks for the details. See comments inline:

> Thank you for responding so quickly. Didn't occur to me to check the logs (late night, I guess.) On my primary server, I don't think I see any relevant log files. Secondary:
>
> [2021-05-09 12:22:25 Local] Logging started.
> [2021-05-09 12:22:25 Local] DNS Server config file was loaded: /etc/dns/config/dns.config
> [2021-05-09 12:22:26 Local] DNS Server successfully loaded zone file: /etc/dns/config/zones/domain.local.zone
> [2021-05-09 12:22:26 Local] DNS Server is loading allowed zone file: /etc/dns/config/allowed.config
> [2021-05-09 12:22:26 Local] DNS Server is loading blocked zone file: /etc/dns/config/blocked.config
> [2021-05-09 12:22:26 Local] [0.0.0.0:53] [UDP] DNS Server was bound successfully.
> [2021-05-09 12:22:26 Local] [0.0.0.0:53] [TCP] DNS Server was bound successfully.
> [2021-05-09 12:22:26 Local] [[::]:53] [UDP] DNS Server was bound successfully.
> [2021-05-09 12:22:26 Local] [[::]:53] [TCP] DNS Server was bound successfully.
> [2021-05-09 12:22:26 Local] DHCP Server successfully loaded scope: Default
> [2021-05-09 12:22:26 Local] DHCP Server successfully loaded scope file: /etc/dns/config/scopes/Default.scope
> [2021-05-09 12:22:26 Local] [0.0.0.0:5380] HTTP Web Service was started successfully.
> [2021-05-09 12:22:26 Local] DNS Server (v6.2.3.0) was started successfully.
> [2021-05-09 12:22:31 Local] DNS Server has started zone refresh for secondary zone: domain.local
> [2021-05-09 12:22:33 Local] DNS Server received RCODE=NotAuthorized for 'domain.local' secondary zone transfer from: dns1.domain.local:53 (192.168.1.101:53)

The last error says that the secondary zone transfer failed because the server received the response code (RCODE) NotAuthorized. From this it seems that you have another DNS server running on 192.168.1.101, since Technitium DNS Server never sends a NotAuthorized response for any request. There is no line in the source code where this RCODE is used to return a response.

Do check the logs for your primary DNS server and see if the server was able to bind to port 53 for UDP and TCP. Use a command like "netstat" to see if any other DNS server or proxy is running on your server.

> Probably unrelated but I see log entries that occur after I login that read:
>
> [2021-05-09 12:37:38 Local] [192.168.1.132:62219] DnsServerCore.DnsWebServiceException: Invalid username or password: admin
>    at DnsServerCore.DnsWebService.LoginAsync(HttpListenerRequest request, JsonTextWriter jsonWriter) in Z:\Technitium\Projects\DnsServer\DnsServerCore\DnsWebService.cs:line 967
>    at DnsServerCore.DnsWebService.ProcessRequestAsync(HttpListenerRequest request, HttpListenerResponse response) in Z:\Technitium\Projects\DnsServer\DnsServerCore\DnsWebService.cs:line 726
> [2021-05-09 12:37:40 Local] [192.168.1.132:62219] [admin] User logged in.

These entries are unrelated. When you enter the web console URL, the JavaScript code tries to log in with the default credentials every time, and this results in the log entry.

> I uploaded screenshots of the zones (at least the relevant bits; I did not include unneeded A records): https://imgur.com/a/SlEVnGp

Thanks for the screenshots. The primary DNS zone looks good. One small thing: since you have an A record in the zone itself for the domain used in the NS record, you don't need to add it again as a glue address. A glue address is to be used only when the domain name is not resolvable.

The secondary zone looks good too. So, the secondary refresh attempt is being made to the provided IP address and it's failing due to the reasons discussed above. Once you have the primary DNS server running well, the secondary will be able to do the zone transfer and populate all records automatically.

exoup commented 3 years ago

Checked the logs and found errors that the DNS server failed to bind on port 53 using TCP. Apparently I had an instance of bind9 installed so I uninstalled it and now Technitium DNS is able to bind to 53/UDP and 53/TCP!

This resolved the issue of receiving RCODE=NotAuthorized but now the error logs read:

[2021-05-10 17:42:54 Local] DNS Server has started zone refresh for secondary zone: domain.local
[2021-05-10 17:42:54 Local] DNS Server received RCODE=Refused for 'domain.local' secondary zone transfer from: dns1.domain.local:53 (192.168.1.101:53)

I decided to restart the server to see if there was anything errant still running but I didn't see anything.

I then decided to delete the secondary zone and NS record and recreate them and still no luck. After that I changed the way I wrote the NS record on the Primary server to '@' instead of naming the dns server specifically and it worked! Populated over without issue.

Thank you for your help. I consider this one resolved.

ShreyasZare commented 3 years ago

> I decided to restart the server to see if there was anything errant still running but I didn't see anything.

> I then decided to delete the secondary zone and NS record and recreate them and still no luck. After that I changed the way I wrote the NS record on the Primary server to '@' instead of naming the dns server specifically and it worked! Populated over without issue.

Ya, I too missed that name part for the secondary NS record while seeing the previous screenshot.

> Thank you for your help. I consider this one resolved.

You're welcome.
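An added example, not part of this issue thread and not Technitium's own code: a small Python parser that pulls the "received RCODE=..." failures out of Technitium secondary-server log lines like the ones posted above, keeps the latest state per zone, and maps each RCODE to the cause that was found in this thread (NotAuthorized: a different DNS daemon owning port 53 on the primary; Refused: the primary's NS record not matching the secondary). The log lines embedded in it are constructed samples modelled on the ones in the issue, and the cause mapping is an assumption drawn from this thread rather than a general rule.

```python
import re
from datetime import datetime

# Constructed sample log lines modelled on those posted in the issue
# (timestamps, zone name and addresses are illustrative, not real infrastructure).
SAMPLE_LOG = """\
[2021-05-09 12:22:31 Local] DNS Server has started zone refresh for secondary zone: domain.local
[2021-05-09 12:22:33 Local] DNS Server received RCODE=NotAuthorized for 'domain.local' secondary zone transfer from: dns1.domain.local:53 (192.168.1.101:53)
[2021-05-10 17:42:54 Local] DNS Server has started zone refresh for secondary zone: domain.local
[2021-05-10 17:42:54 Local] DNS Server received RCODE=Refused for 'domain.local' secondary zone transfer from: dns1.domain.local:53 (192.168.1.101:53)
"""

# Matches the "received RCODE=..." line format seen in the thread's logs.
XFR_FAIL = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:]+) Local\] DNS Server received RCODE=(?P<rcode>\w+) "
    r"for '(?P<zone>[^']+)' secondary zone transfer from: "
    r"(?P<primary>[^:]+):(?P<port>\d+) \((?P<ip>[\d.]+):\d+\)$"
)

# Assumed cause per RCODE, taken from what this thread found, not a general table.
LIKELY_CAUSE = {
    "NotAuthorized": "another DNS server answering on the primary's IP (check port 53 bindings)",
    "Refused": "primary refuses the transfer to this secondary (check the NS record name on the primary)",
}


def parse_transfer_failures(log_text):
    """Return one dict per failed secondary zone transfer found in log_text."""
    failures = []
    for line in log_text.splitlines():
        m = XFR_FAIL.match(line.strip())
        if not m:
            continue  # startup, bind and refresh-start lines are not failures
        failures.append({
            "time": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "zone": m["zone"],
            "rcode": m["rcode"],
            "primary": m["primary"],
            "ip": m["ip"],
            "likely_cause": LIKELY_CAUSE.get(m["rcode"], "unrecognised RCODE; inspect the primary's logs"),
        })
    return failures


def latest_status_per_zone(failures):
    """Map zone -> most recent failure record, so a report shows only the current state."""
    latest = {}
    for f in failures:
        if f["zone"] not in latest or f["time"] > latest[f["zone"]]["time"]:
            latest[f["zone"]] = f
    return latest


if __name__ == "__main__":
    for zone, f in latest_status_per_zone(parse_transfer_failures(SAMPLE_LOG)).items():
        print(f"{zone}: {f['rcode']} from {f['primary']} ({f['ip']}) -> {f['likely_cause']}")
```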